Control Center

ť If you can't view the screen shot, you may have to click the screen shot when you put the mouse over the it.
ť Dependant upon your browser settings.

This sleek program is another to watch out for. So be don't be tricked.

It appears that the client was browsing facebook.com, when their browser was hijacked and redirected to another site (http://free-scanner-online.biz/get.php?sc=1&id=*****). The client was duped into installing this program.

A file was downloaded to the C:\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\<random foldername>\ win_protection_update[random number].exe folder. (win_protection_update[random number].exe 1,978,609 bytes)

Below are entries found in the Registry(If you are unfamiliar with the registry...Leave this page NOW) and files associated with the program.

Key Name: HKEY_USERS\S-1-5-21-***-***-***-***\Software\Microsoft\Windows\CurrentVersion\Run
Class Name:
Last Write Time: **/**/2009 - 6:42 PM
Value 0
Name: ccagent.exe
Type: REG_SZ
Data:C:\Users\<username>\AppData\Roaming\CC\ccagent.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Control Center"

You will find shortcuts to the program on the

Desktop,
on the Quick Launch
in the Program Groups (i.e. Start ť All Programs) ť Control Center

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following is a list of files you may find in the:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"c:\Users\<username>\AppData\Roaming\CC" Folder
Size Name

551,424 bytes ť ccagent.exe
2,016,256 bytes ť ccmain.exe
185 bytes ť settings.ini
76,256 bytes ť uninstall.exe

235 bytes ť 7,890 guide.html

53,967 bytes ť 05.png
48,347 bytes ť 06.png
45,779 bytes ť 07.png
42,753 bytes ť 08.png
138,334 bytes ť 09.png
178,919 bytes ť 10.png

Remember to always check here: C:\WINDOWS\Prefetch

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the site the client was taken to.